1450 entries in 0.626s
mircea_popescu: gotta love people that send you
gpg mail and dutifully include a complete summary in the subject line
mircea_popescu: anyway, if one must have container encryption, use the fucking tools. make a tarball that you
gpg encrypt
mircea_popescu: pankkake: I guess you could do file level encryption with
gpg, but… there are probably better solutions << i still don't get why anyone thinks container encryption is a thing or makes sense
mircea_popescu: moiety good idea. also have some
gpg manuals at the ready, a how to reg with gribble thing, basic stuff like that.
mircea_popescu: helpfully omits to link
gpg key. likely does not even know what that is or why it'd be relevant.
mircea_popescu: "We have used PGP/
GPG for long years before Bitcoin paper was written."
mircea_popescu: so basically any
gpg key / wallet / anything ever generater on node.js could be cracked trivially, within hours.
mircea_popescu: nao thestringpuller can finally get
gpg certified on trilema
mircea_popescu: "This INITIAL PUBLIC OFFERING AGREEMENT (the "Agreement") is made and entered into as of August 14, 2012, by and among Bitpantry, an unregistered corporation ; Ryan "aethero" Schreiber (
GPG fingerprint 305C FB53 7F95 EB20 34A2 E72F 6B5A 5086 B24E D539), an individual ; Stormy "lucidlepidoptera" Schreiber (bitcoin address 1J96JXdfY3CYKeqiDASgnaKjLqumfqfSdG), an individual and MPEx"
mircea_popescu: asciilifeform chetty what was the
gpg competitor nsa was pushing back i nthe day ?
mircea_popescu: or "pls to use whatever the
gpg competitor was, i forgot" 20 years prior.
mircea_popescu: hey, what terminally ill
gpg implementation do osx folks use ?
mircea_popescu: punkman: fluffypony, because someone smart left the keys on the door (on the inside) << were these...
gpg keys ?
mircea_popescu: pankkake the x.eur has the advantage that being supported by push txn and exchange sigs, you can enter into derivative
gpg contracts of infinite complexity and actual otc quality on its basis.
mircea_popescu: danielpbarron: has anyone in here ever floated the idea of bringing the WoT to twitter? << i dun think i'd want that really. but maybe a
gpg-based ircitter may be interesting.
mircea_popescu: then get
gpg going on a secure system and get registered with gribble.
mircea_popescu: i couldn't need a dns less : you know where to send funds becasuse yu get a
gpg signed deposit slip.
mircea_popescu:
gpg is a gnu implementation of pgp, which is the original public key cryptoi system
mircea_popescu: <benkay> hey, guys: which is less likely to leak? openssl or
gpg? <<
gpg may still have a bug or two in there.
mircea_popescu: <benkay> all of a sudden i'm struck by the notion that the only good withdrawal message is one
gpg-signed by the withdrawing party. << welcome to... 2012 ?
mircea_popescu: anyway, the
gpg wot is imo a broken beyond belief implementaiton
mircea_popescu: Naphex well if you like
gpg add a
gpg sig to gribble wot so i can get your pubkey.
mircea_popescu: and add a simple html form where i can dump my files as a
gpg -r -a
mircea_popescu: on the page where one can submit documents to be verified, add a link to a textfile constructed as
gpg -export-pubkey -a |
gpg --clearsign -a
mircea_popescu: alexsanjose seriously, someone over at reuters has to eventually figure out how to create a
gpg key, reg it with gribble, get in the wot.
mircea_popescu: already good software is
gpg based as a matter of course. so what if microsoft doesn't want to sign ?
mircea_popescu: i just encrypt in
gpg, everything the same way, and then paste the text in an email.
mircea_popescu: fluffypony the guy is derping about what "
gpg does in 2014" forgetting to even mention what version he's using. because everything in his head was born this year, so obviously...
mircea_popescu: "Holy shit! What kind of toy random number generator is
GPG using? Never mind that the message is printed twice. Never mind that both messages flick by before I have half a chance to read them, let alone do anything to entropize my system. “Wiggle the mouse for moar entropies.” I wouldn’t trust a program that prints messages like this to protect my middle school slambook."
mircea_popescu: incidentally :
gpg armored lends itself splendidly to stego : the payload byte is only a few bits
mircea_popescu: Anduck so then that's perfect, people who think they know about bitcoin and bitcoin assets but have no clue about bitcoin or bitcoin assets can spend some quality time in -otc hanging out with gribble and learning the basics of bitcoin and bitcoin assets :
gpg, otc, wot, all that stuff.
mircea_popescu: KRS-1 then you can just log with the btc addy and reg a new
gpg key.
mircea_popescu: if someone is going to break your
gpg encryption tehy will attack the symmetric key not the 4kb rsa
mircea_popescu: i have no idea how come they still give diplomas to lawyers and journalists that aren't fluent with
gpg since their sophomore year, but hey.
mircea_popescu: bounce i myself am happy with the "clueless woman, learned to use
gpg last week, does not quite grok what keys are or how they work"
mircea_popescu: Apocalyptic at the very least as an interim install a
gpg-based method for peole to verify your certs.
mircea_popescu: thestringpuller: there should be a
gpg encrypted bitcoin illuminati forum<< once this chan goes +m it'll pretty much be it i guess.
mircea_popescu: (ie, to say "i did sign this but it should not bind me because it's a
gpg contract" and to say "i never signed this" are different stands in court)
mircea_popescu: i can somehow send you email perfectly safely by pastebining it. do the same, alter the firmware to use
gpg signed packets.
mircea_popescu: that part was never difficult to prove historically. the other side is the grand contribution of
gpg/bitcoin to legal practice.
mircea_popescu: pLambert a
gpg message including a block and its hash could prove it wasn't made before that block yes
mircea_popescu: you can program both
gpg via bash and bitcoin client via whatever api
mircea_popescu: khersonus you can, if somewhat more circumvolutedly. you sign a
gpg "x address will pay 0.04875983 btc to y address at z time"
mircea_popescu: it makes 0 diff to me if i type ;;sig in here or
gpg in a cli. all i want is to have somewhere i can type into.
mircea_popescu: i don't need/want one for
gpg personally. because i already have the infrastructure in place to do that for me.
mircea_popescu: khersonus what do you mean you haven't seen it used before ?
gpg altogether or specifically a bot ?
mircea_popescu: not really. it's incredibly badly implemented, and perfectly useless seeing how
gpg does it better.
mircea_popescu: SatoshiJack you say ;;
gpg everify freenode:#bitcoin-otc:ab5ae4d79blabla
mircea_popescu: i guess this is why no
gpg contract = scam, pretty much.
mircea_popescu: benkay no i get that part, but once he signs a
gpg statement what do you need permission to host it for ?
mircea_popescu: whats the best alternative to password manager? just encrypt the file yourself with a password? <<
gpg --encrypt --armor -r yourname
mircea_popescu: anyway, the point being that whether your name is or is not associated with a list of txn is not contingent on you typing the name in the
gpg key gen process
mircea_popescu: s.nsa is a fine example of one company that succeeded. the owner there came up with the idea of making an actually cryptographically secure
gpg gizmo
mircea_popescu: Mats_cd03 so simply advertise a
gpg key, which people can encrypt to.
mircea_popescu: you can trivially print out
gpg signed contracts, sign on the paper, and register them
mircea_popescu: it's not even fucking hard to reimplement
gpg without caching
mircea_popescu: in a sense bitbet acts like the exact oposite of the doctrine of
gpg contracts
mircea_popescu: let's consider some fun facts together :
gpg takes ~5 minutes to generate a 2k key